13 May 2016

Petya ransomware is back with a friend named Misha

Petya ransomware is back with a friend named Misha

Petya ransomware became very popular because of its name. However, the code was not efficient enough to make money for malware writers. Petya needed administrative privileges on the system to modify master boot record. If it could not get administrative privileges, it did nothing with the infected computer.

Ransomware writers had to do something about it, and they did: a very clever and scary move from. They released new malware named Misha. It is downloaded by Petya in case Petya’s installation has failed. Misha does not require administrative privileges, according to Bleepingcomputer.

After installation Misha ransomware encrypts files with AES encryption algorithm and demands ransom of 1.93 bitcoins (approximately $875). Encrypted files are renamed and 4-character extension is added to the filename, for example: test.jpg will renamed into test.jpg.7GP3.

Ransomware is distributed via emails with link to malicious executables, disguised as job applications.

Unfortunately, there is no know way to restore encrypted files for free.

Back to the list

Latest Posts

New espionage campaign targets diplomatic missions and governmental institutions in Eastern Europe

New espionage campaign targets diplomatic missions and governmental institutions in Eastern Europe

The Attor malware comes with some unusual capabilities including the use of encrypted modules, Tor-based communications, and a plugin designed for GSM fingerprinting.
11 October 2019
Iran-linked Charming Kitten APT updates its arsenal with new spear-phishing techniques

Iran-linked Charming Kitten APT updates its arsenal with new spear-phishing techniques

The Iranian state-sponsored hackers Charming Kitten employed new spear-phishing methods in a campaign observed in August and September.
10 October 2019
Hackers hit Volusion e-commerce sites in pursuit of customers’ credit card data

Hackers hit Volusion e-commerce sites in pursuit of customers’ credit card data

It is estimated that more than 6,500 sites are affected, that number could be even higher.
10 October 2019
Featured vulnerabilities
Remote code execution in Bento4 media player
High Not Patched | 13 Oct, 2019
Use-after-free in libvips library
Medium Patched | 13 Oct, 2019
Denial of service in MATIO
Low Not Patched | 13 Oct, 2019
Cross-site scripting in Openfire
Low Patched | 12 Oct, 2019